--As of May 5, 2011 5:37:52 PM -0700, Leonardo M. Ramé is alleged to have
said:
Hi, at home I have a DLink Dir 300 router to provide internet access for
my home network. The network is composed by two Windows PCs, one Linux
laptop and one FreeBSD server we use mainly for storage and as
web/database server.
I must add, the server only have one network card.
I would like to know if its possible to use the FreeBSD server as a
Firewall for the whole network, securing LAN and WiFi connections. If
this can be done, then how? could you point me to some howto?.
--As for the rest, it is mine.
I don't know of any howto's but it is possible. You would need to set up
the FreeBSD box with two ip's on it's interface, (one as an alias), and
have them on separate networks. (Sharing the same hardware, but with
non-overlapping ip ranges. Make one a 10.* network and one a 192.168.*
network.) One is the 'outside' network, and includes your internet
gateway. The other is your 'inside' network and includes everything else.
(Including your WiFi access point.)
Then you set up the FreeBSD box to route & NAT between them, and to
firewall along the way. A standard FreeBSD firewall howto would work
there, as long as you watch that you never specify an interface name in the
firewall rules, but use the IP address instead.
However, I would not recommend this. It's way too easy to accidentally at
some later point put one of your home boxes on the 'outside' network and
then you've just bypassed your firewall. Another ethernet card won't cost
much, and will make the setup easier and more secure: You can then
physically separate the networks.
Daniel T. Staal
---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
